sjinks / wp-two-factor-provider-webauthn

WebAuthn Provider for Two Factor plugin
https://wordpress.org/plugins/two-factor-provider-webauthn/
MIT License
14 stars · 5 forks

chore(deps): update step-security/harden-runner action to v2.8.1 #790

Closed renovate[bot] closed 2 weeks ago

renovate[bot] commented 3 weeks ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| step-security/harden-runner | action | minor | v2.7.1 -> v2.8.1 |

Release Notes

step-security/harden-runner (step-security/harden-runner)

### [`v2.8.1`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.1)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.8.0...v2.8.1)

##### What's Changed

- Bug fix: Update isGitHubHosted implementation by [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/425](https://togithub.com/step-security/harden-runner/pull/425). The previous implementation incorrectly identified large GitHub-hosted runners as self-hosted runners. As a result, harden-runner was not executing on these large GitHub-hosted runners.

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.1

### [`v2.8.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.8.0)

[Compare Source](https://togithub.com/step-security/harden-runner/compare/v2.7.1...v2.8.0)

##### What's Changed

Release v2.8.0 by [@h0x0er](https://togithub.com/h0x0er) and [@varunsh-coder](https://togithub.com/varunsh-coder) in [https://github.com/step-security/harden-runner/pull/416](https://togithub.com/step-security/harden-runner/pull/416). This release includes:

- File Monitoring Enhancements: Adds the capability to view the name and path of every file written during the build process.
- Process Tracking Enhancements: Adds the capability to view process names and arguments of processes run during the build process.

These enhancements are based on insights from the XZ Utils incident, aimed at improving observability and detections during the build process.

**Full Changelog**: https://github.com/step-security/harden-runner/compare/v2...v2.8.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

github-actions[bot] commented 3 weeks ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| actions/step-security/harden-runner | 17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 | 🟢 8.7 | see below |
| actions/step-security/harden-runner | a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 | 🟢 8.7 | see below |

Details for 17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6:

| Check | Score | Reason |
|---|---|---|
| Binary-Artifacts | 🟢 10 | no binaries found in the repo |
| Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration |
| CI-Tests | 🟢 10 | 14 out of 14 merged PRs checked by a CI test -- score normalized to 10 |
| CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected |
| Code-Review | 🟢 10 | all changesets reviewed |
| Contributors | 🟢 6 | project has 2 contributing companies or organizations -- score normalized to 6 |
| Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected |
| Dependency-Update-Tool | 🟢 10 | update tool detected |
| Fuzzing | ⚠️ 0 | project is not fuzzed |
| License | 🟢 10 | license file detected |
| Maintained | 🟢 10 | 19 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10 |
| Packaging | ⚠️ -1 | packaging workflow not detected |
| Pinned-Dependencies | 🟢 7 | dependency not pinned by hash detected -- score normalized to 7 |
| SAST | 🟢 10 | SAST tool is run on all commits |
| Security-Policy | 🟢 10 | security policy file detected |
| Signed-Releases | ⚠️ -1 | no releases found |
| Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege |
| Vulnerabilities | 🟢 9 | 1 existing vulnerabilities detected |

Details for a4aa98b93cab29d9b1101a6143fb8bce00e2eac4: identical check-by-check to the table above (same scores and reasons, overall 🟢 8.7).

Scanned Manifest Files

.github/workflows/dependency-review.yml
  • step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6
  • step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4